With cybersecurity attacks on the rise, it’s increasingly important for companies to protect any sensitive data they handle. Because Extu handles the personal information of so many of our clients’ program participants, we’re dedicated to keeping that data secure. Our incentive software meets SOC 2 compliance requirements to ensure clients can trust that their sensitive corporate and participant data is safe.
What Is SOC 2?
Service Organization Control (SOC) 2 is a set of criteria developed by the American Institute of Certified Public Accountants (AICPA) for managing customer data. It’s based on five “trust service principles”:
- Two-factor authentication (2FA) prevents security breaches that could allow unauthorized system or data access
- The system’s collection, use, retention, disclosure and disposal of personal information conforms with the organization’s privacy notice and the AICPA’s generally accepted privacy principles.
- Controls to protect all personal identifiable information PII from unauthorized access.
- Access control measures prevent system abuse, theft, unauthorized data removal, software misuse, or improper alterations and information disclosures.
- Prevent security breaches that lead to unauthorized access systems and data using network/application firewalls, two-factor authentication, and intrusion detection.
- System, product, or services accessibility according to contract or service level agreement (SLA).
- Performance monitoring and security incident handling.
- Disaster recovery with a site failover in the event of system failure.
- Complete, valid, accurate, timely, authorized data processing.
- Quality assurance procedures to help ensure processing integrity.
- Encryption to protect confidentiality during transmissions.
- Network and application firewalls, along with stringent access controls, to safeguard processed information.
Why Is SOC 2 Important?
Compliance with SOC 2 principles ensures that our clients don’t incur expenses from reward claiming fraud and all incentive and channel marketing program participants’ data remains secure. All of our incentive technology is programmed, managed, and updated in-house, so we don’t have to rely on third-parties to meet important security requirements that keep your participant data safe.
For more information on our technology and data security practices, get in touch with us!